ImportError: cannot import name 'soft_unicode' from 'markupsafe'

[sumit-sampang-rai]

Description

Markup has release a new version and now Jinja throws an error.

File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/dbt/utils.py", line 9, in <module>
    import jinja2
  File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/jinja2/__init__.py", line 12, in <module>
    from .environment import Environment
  File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/jinja2/environment.py", line [25](https://github.com/cloudfactory/edw-dbt/runs/5243038097?check_suite_focus=true#step:7:25), in <module>
    from .defaults import BLOCK_END_STRING
  File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/jinja2/defaults.py", line 3, in <module>
    from .filters import FILTERS as DEFAULT_FILTERS  # noqa: F401
  File "/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/jinja2/filters.py", line 13, in <module>
    from markupsafe import soft_unicode
ImportError: cannot import name 'soft_unicode' from 'markupsafe' (/opt/hostedtoolcache/Python/3.8.12/x64/lib/python3.8/site-packages/markupsafe/__init__.py)
Error: Process completed with exit code 1.

Bug Replication

Install Jinja with MarkupSafe 2.1.0

Expected behavior

No errors when importing jinja.

Environment

• Python version: 3.8.12
• Jinja version: 2.11.3
• MarkupSafe: 2.1.0

[davidism]

You are using an unsupported version of Jinja, please update to the latest version if possible. Additionally, please read https://hynek.me/articles/semver-will-not-save-you/, then use a tool like pip-tools to pin your dependencies and control when you get updates. Be sure to run your tests with deprecation warnings treated as errors so that you get notified of these types of changes early.

[lasote]

Jinja 2.x has not been supported for some time. Upgrade Jinja, and use something like pip-tools to pin your dependencies.

IMHO that is not reasonable at all. Many projects are still using Jinja 2 and the fix is easy.

[ThiefMaster]

You're supposed to pin your dependencies anyway, and if Jinja made a 2.11.x update you'd have to update your pins anyway (you did pin Jinja, right? Otherwise you'd get 3.x!), so why not just add a pin for markupsafe instead?

[lasote]

Because I don't depend on markupsafe, I depend on Jinja. The responsibility for providing compatible dependencies is jinja2, not every project that depends on it.

Edit: By the way, in my case, I develop conan, and I would need to fix versions from 1.0 to 1.43. If I have to do it, I'll do it because I respect my users, I won't ask them to pin markupsafe.

Edit2: We already upgraded to Jinja 3 a couple of versions ago, but we understand not all users are able to upgrade Conan for different reasons, so we have to give them a solution.

[ThiefMaster]

Edit: By the way, in my case, I develop conan, and I would need to fix versions from 1.0 to 1.43. If I have to do it, I'll do it because I respect my users, I won't ask them to pin markupsafe

That's actually an end user application, not a library. IMHO it should be installed in an isolated venv where YOU control all the versions (= versions known to work fine with your application).

But for libraries strict pings are actually worse: Sure, in this particular case it's an ImportError. But do you know how annoying it is if you are using a library and they pin the max version of some dependency, maybe unnecessarily, and you want to use that newer version or install something else that needs it? :)
By letting the user pin transitive dependencies instead (and ideally use recent versions instead of ancient ones) they can decide whether they're willing to install a newer version or not.

[lasote]

But in this case, it's an ImportError and it is unnecessary, and if you consider jinja2 deprecated, creating a patch shouldn't be annoying for anyone.

. IMHO it should be installed in an isolated venv where YOU control all the versions

Yes, we have that discussion often with our users but with Conan you write Python recipes and the user can plugin extension written in Python, so in that sense is a library and they could have other requirements.

[aditya-kar]

Now that we know that it is breaking all other libraries that are dependent on Jinja 2.x, including Flask 1.1.4, could we please pin the max version of MarkupSafe?

[gzamboni]

Jinja 2.x has not been supported for some time. Upgrade Jinja, and use something like pip-tools to pin your dependencies.

This is a little bit awkward... Flask still uses Jinja2... 😯

[ThiefMaster]

Flask uses Jinja2 v3.x. Not v2.x

[pradyunsg]

Hi there! If you're here to complain about how this broke your workflow, please see pallets/markupsafe#286 (comment).

[lasote]

@jeremy-coulon conan-io/conan#10611

[mattslezak-shell]

I don't understand the big deal, the fix with jinga2 is simple:

runtime.py and filters.py:

Change: from markupsafe import soft_unicode
To: from markupsafe import soft_str as soft_unicode

Although I get confused on this site where jinja2 is actually located, or if it's a dead package. What brought me here is Spyder Python IDE uses this package, I traced the errors, I fixed them with the above very easily.

[ThiefMaster]

Jinja is not dead. But old versions are unsupported, and people should pin all their dependencies if they rely on older versions (which is perfectly fine, but not without pinning deps).

[zachliu]

@chongkong the new airflow 2.2.4 doesn't have such issue, it has

Flask==1.1.2
Jinja2==3.0.3
MarkupSafe==2.0.1

in its constraints
well, at least for Python 3.8 😀